Access Method, Device and System for User Equipment (ue)

1. An access method for a user equipment (UE), the method comprising: receiving, by a first network device on a 3rd Generation Partnership Project (3GPP) network, wherein the first network device uses a second network device on a non 3rd Generation Partnership Project (non-3GPP) network, an access request message from the UE, wherein the access request message comprises an identifier of the UE; generating, by the first network device, a first non-access stratum (NAS) verification code based on the identifier of the UE and a NAS security context of the UE that is stored in the first network device; when the access request message comprises a second NAS verification code, detecting, by the first network device, whether the second NAS verification code is the same as the first NAS verification code, wherein the second NAS verification code is a verification code that is generated by the UE based on a NAS security context stored in the UE; and when the second NAS verification code is the same as the first NAS verification code, sending, by the first network device, an access key of the non-3GPP network to the second network device.

2. The method of claim 1 , further comprising: determining, by the first network device, the access key of the non-3GPP network based on a NAS sequence number of the 3GPP network, a key of the 3GPP network, and a type identifier of the non-3GPP network.

3. The method of claim 2 , further comprising: obtaining, by the first network device from the NAS security context of the UE stored in the first network device, the NAS sequence number of the 3GPP network and the key of the 3GPP network; and receiving, by the first network device, the type identifier of the non-3GPP network from the second network device.

4. The method of claim 1 , further comprising: when the second NAS verification code is different from the first NAS verification code, performing, by the first network device, security authentication on the UE; or when the access request message does not comprise a NAS verification code, performing, by the first network device, security authentication on the UE.

5. The method of claim 1 , further comprising: obtaining, by the first network device, capability information of the UE, wherein the capability information is used to indicate a capability of the UE on the non-3GPP network; and sending, by the first network device, the capability information to the second network device, wherein the capability information is used by the second network device to determine a cryptographic algorithm, and the cryptographic algorithm is used by the second network device to generate an access stratum (AS) key of the non-3GPP network.

6. An access method for a user equipment (UE), the method comprising: generating, by the UE, an access request message, wherein the access request message comprises an identifier of the UE and a non-access stratum (NAS) verification code based on a NAS security context stored in the UE; and sending, by the UE, the access request message to a first network device on a 3rd Generation Partnership Project (3GPP) network by using a second network device on a non 3rd Generation Partnership Project (non-3GPP) network.

7. The method of claim 6 , further comprising: determining, by the UE, an access key of the non-3GPP network based on a non-access stratum (NAS) sequence number of the 3GPP network, a key of the 3GPP network, and a preset type identifier of the non-3GPP network.

8. The method of claim 6 , further comprising: generating, by the UE, the NAS verification code.

9. The method of claim 6 , further comprising: receiving, by the UE by using the second network device, an authentication message from the first network device; and sending, by the UE by using the second network device, an authentication response message corresponding to the authentication message to the first network device.

10. The method of claim 7 , further comprising: generating, by the UE, an access stratum (AS) key of the non-3GPP network based on the access key of the non-3GPP network.

11. An access device for a user equipment (UE), the access device comprising: a receiver, a transmitter, a processor, a bus, and a memory, wherein: the bus is configured to connect the receiver, the transmitter, the processor, and the memory; the receiver is configured to receive, using a second network device on a non 3rd Generation Partnership Project (non-3GPP) network, an access request message sent by the UE wherein the access request message comprises an identifier of the UE; the processor is configured to execute a program stored in the memory, generate a first non-access stratum (NAS) verification code based on the identifier of the UE and a NAS security context of the UE that is stored in the access device of the UE, and when the access request message comprises a second NAS verification code, detect whether the second NAS verification code is the same as the first NAS verification code, wherein the second NAS verification code is a verification code that is generated by the UE based on a NAS security context stored in the UE; and the transmitter is configured to, when the second NAS verification code is the same as the first NAS verification code, send an access key of the non-3GPP network to the second network device.

12. The device of claim 11 , wherein the processor is further configured to: determine the access key of the non-3GPP network based on a NAS sequence number of the 3GPP network, a key of the 3GPP network, and a type identifier of the non-3GPP network.

13. The device of claim 11 , wherein the processor is further configured to: when the second NAS verification code is different from the first NAS verification code, perform security authentication on the UE; or when the access request message does not comprise a NAS verification code, perform security authentication on the UE.

14. The device of claim 11 , wherein: the processor is further configured to obtain capability information of the UE, wherein the capability information is used to indicate a capability of the UE on the non-3GPP network; and the transmitter is further configured to send the capability information to the second network device, wherein the capability information is used by the second network device to determine a cryptographic algorithm, and the cryptographic algorithm is used by the second network device to generate an access stratum (AS) key of the non-3GPP network.

15. The device of claim 11 , wherein the second network device is a wireless access point (AP).

16. An access device for a user equipment (UE), the access device comprising: a transmitter, a processor, a bus, and a memory, wherein: the bus is configured to connect the transmitter, the processor, and the memory; the processor is configured to execute a program stored in the memory and generate an access request message, wherein the access request message comprises an identifier of the access device of the UE and a non-access stratum (NAS) verification code based on a NAS security context stored in the UE; and the transmitter is configured to send the access request message to a first network device on a 3rd Generation Partnership Project (3GPP) network by using a second network device on a non 3rd Generation Partnership Project (non-3GPP) network.

17. The device of claim 16 , wherein the processor is further configured to: determine an access key of the non-3GPP network based on a NAS sequence number of the 3GPP network, a key of the 3GPP network, and a preset type identifier of the non-3GPP network.

18. The device of claim 16 , wherein the processor is further configured to: generate the NAS verification code.

19. The device of claim 16 , wherein the device further comprises: a receiver configured to receive, by using the second network device, an authentication message from the first network device and wherein the transmitter is further configured to send, by using the second network device, an authentication response message corresponding to the authentication message to the first network device.

20. The device of claim 17 , wherein the processor is further configured to: generate an access stratum (AS) key of the non-3GPP network based on the access key of the non-3GPP network.